Hello Buddies,

I am afraid I don't know how to specify a hostlist in my configuration file,
because my requirement is:

The gateway server should relay mails from any domain, any hosts to test.com
(test.com only), i.e. no one (except the users at the domain test.com) can
send mails (with an ID fake@???) to other domains (example: mailladdr@???)
through the gateway server.

The following is the acl_smtp_rcpt ACL in exim.conf:

check_recipient:
  accept  hosts = :

  deny    local_parts = ^.*[@%!/|] : ^\\.

  accept  local_parts = postmaster
          domains = +local_domains

  # sender domains blacklist
  # reject if sender domain is in blacklist
  deny    senders = +blacklist_senders
          message = blacklisted sender: $sender_address

  # sender domains whitelist
  # accept if sender domain is in whitelist
  # This for whitelisting required domains to bypass acl check, "test.com" is included
  accept  sender_domains = +whitelist_domains
          set acl_m_spam_bypass = 1
          endpass

  accept  hosts = +whitelist_hosts

  # sender whitelist
  # accept if sender is in whitelist
  # This for whitelisting required senders to bypass acl check, "test.com" is included
  accept  senders = +whitelist_senders
          set acl_m_spam_bypass = 1
          endpass

  # SPF evaluation
  # Reject the mails if the sender domain does not have spf record
  deny    message = [SPF] $sender_host_address is not allowed to send mail \
                    from $sender_address_domain.
          log_message = SPF check failed.
          set acl_m9 = -ipv4=$sender_host_address \
                       -sender=$sender_address \
                       -helo=$sender_helo_name
          set acl_m9 = ${run{/usr/bin/spfquery $acl_m9}}
          condition = ${if eq {$runrc}{1}{true}{false}}

  # RBL Checking
  # deny using RBL
  deny    message = Message rejected because $sender_fullhost is blacklisted at \
                    $dnslist_domain see $dnslist_text :
          !hosts = +whitelist_hosts
          !authenticated = *
          dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org : \
                     list.dsbl.org : cbl.abuseat.org : relays.ordb.org :

  accept  domains = +local_domains
          endpass
          message = unknown user
          verify = recipient
          set acl_m0 = $local_part@$domain

  # Here I included the domain test.com only
  accept  domains = +relay_domains
          endpass
          message = unrouteable address
          verify = recipient

  deny    message = relay not permitted

  accept

I think this explanation is sufficient for you ...
Thanks & regards,
Muhammed Afsal K.S
On Jan 8, 2008 1:33 AM, Dave Evans <exim-users-20071221@???> wrote:
> On Tue, Jan 08, 2008 at 01:18:01AM +0400, Muhammed afsal wrote:
> > Spammers configure a fake mail account "fake@???" in an "Outlook express"
> > mail as outgoing mail server as test.com. As there is no smtp authentication
> > in exim where mail server for test.com running, they can use account
> > "fake@???" to send spam mails to another mail servers.
>
> In that case, the problem lies in your RCPT ACL. Basically, you need to
> control relaying by testing the connecting host's IP address ("hosts ="), not
> their claimed mail-from address ("senders ="). Read
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTaclconditions
> for more.
>
> If you'd like advice more specific to your situation, please show
> us your RCPT ACL, and tell us what users /should/ be allowed to relay through
> your server - i.e. what IP ranges you trust, and whether or not you use
> authentication.
>
> --
> Dave Evans
> http://djce.org.uk/
> http://djce.org.uk/pgpkey
>
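
The relay control Dave Evans describes, applied to the posted check_recipient ACL, as an added example that is not part of the original thread. The relay_from_hosts list name and the 192.0.2.0/24 range are assumptions standing in for whatever networks are actually trusted; the other list names are the ones used in the post.

```exim
# --- main configuration section ---
# ASSUMPTION: 192.0.2.0/24 is a placeholder for the test.com client network.
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24
domainlist relay_domains    = test.com

# --- ACL section (after "begin acl") ---
check_recipient:
  accept  hosts = :

  deny    local_parts = ^.*[@%!/|] : ^\\.

  # Weak form from the post: MAIL FROM is supplied by the client, so this
  # accepts any recipient from any host that claims a whitelisted sender.
  #   accept  sender_domains = +whitelist_domains
  #           set acl_m_spam_bypass = 1

  # Record the whitelist hit without accepting the recipient. "warn" always
  # falls through to the next statement, so relay control still applies.
  warn    sender_domains = +whitelist_domains
          set acl_m_spam_bypass = 1

  # Relay to any domain only for a trusted connecting IP or an
  # authenticated session (the latter needs authenticators configured).
  accept  hosts = +relay_from_hosts
  accept  authenticated = *

  # The SPF and DNSBL deny statements from the post go here. To honour the
  # whitelist, add to each of them:
  #   condition = ${if !eq{$acl_m_spam_bypass}{1}}

  # Every other host may only deliver to local or relay domains.
  accept  domains = +local_domains : +relay_domains
          endpass
          message = unrouteable address
          verify  = recipient

  deny    message = relay not permitted
```

Running `exim -bh 203.0.113.5` (a constructed untrusted address) starts a fake SMTP session from that IP without delivering anything, so the relay decision can be checked once from an untrusted address and once from one inside relay_from_hosts.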